If you discover a security vulnerability in BaiBai, please report it responsibly:

1. Do NOT open a public issue
2. Email the maintainer or use GitHub's private vulnerability reporting
3. Include a description of the vulnerability and steps to reproduce

You can expect an acknowledgment within 48 hours and a fix within 7 days for critical issues.

• Dependencies are monitored via Dependabot
• Secret scanning and push protection are enabled
• Branch protection requires PR reviews before merging to main